Viktor Jaep
Part of the Furniture
Not a prob...I hope you don't mind it was quicker for me to grab just to show as an example.![]()

Not a prob...I hope you don't mind it was quicker for me to grab just to show as an example.![]()
The way this is phrased makes it sound like you personally just did thisThere's no bug... I'm using the nmap tool to query the IP of your WAN0... and your BR0 interface. Definitely let us know what you find after reinstalling adguard.
Not a prob...Feel free to mark this post with the "RTRMON" tag, so it can be more easily identified, and stands out as support needed for questions regarding the tool, k?
67/udp open|filtered dhcps
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
3702/udp open|filtered ws-discovery
5353/udp open|filtered zeroconf
Okay it is because adguardhome is listening on port 53 universally means it binds to every address. As long as you haven't open the port on the firewall then it is not accessible from outside your network. The same would happen if you were to use dnsmasq by itself.Ok. So this does appear to be related to Adguard Home. With it installed, I reran the 'Diagnostics' command in RTMON and again port 53 appeared open under WAN0 IP for both TCP and UDP.
After uninstallation, I ran 'Diagnostics' once more which now shows WAN0 IP empty for TCP. Though for UDP it shows the following as open (for both WAN and Local)
I'm guessing these are ok?
@SomeWhereOverTheRainBow Just wanted to loop you in if you have any ideas why this might be happening.
Okay it is because adguardhome is listening on port 53 universally means it binds to every address. As long as you haven't open the port on the firewall then it is not accessible from outside your network. The same would happen if you were to use dnsmasq by itself.
Those are fine... eventhough they show "open" under udp, they are also marked as "filtered"... which. means means that a firewall, filter, or other network obstacle is blocking the port.Ok. So this does appear to be related to Adguard Home. With it installed, I reran the 'Diagnostics' command in RTMON and again port 53 appeared open under WAN0 IP for both TCP and UDP.
After uninstallation, I ran 'Diagnostics' once more which now shows WAN0 IP empty for TCP. Though for UDP it shows the following as open (for both WAN and Local)
I'm guessing these are ok?
@SomeWhereOverTheRainBow Just wanted to loop you in if you have any ideas why this might be happening.
Thanks so much. That makes sense! One more thing. Port 53 open on the local interface (tcp/udp) is completely fine correct? Sorry as I mentioned not an advanced user!Those are fine... eventhough they show "open" under udp, they are also marked as "filtered"... which. means means that a firewall, filter, or other network obstacle is blocking the port.
Yep, that's perfectly fine... That's basically the DNS services your router is providing to your network/wireless clients in order to resolve IPs...Thanks so much. That makes sense! One more thing. Port 53 open on the local interface (tcp/udp) is completely fine correct? Sorry as I mentioned not an advanced user!
So with that said. Would you still recommend this to use? I really enjoyed using Adguard Home for the few days I had it active, but I want to be absolutely sure that it's safe and doesn't present any privacy/security concerns. Thanks.Okay it is because adguardhome is listening on port 53 universally means it binds to every address. As long as you haven't open the port on the firewall then it is not accessible from outside your network. The same would happen if you were to use dnsmasq by itself.
It is safe to use. By default, the firewall blocks anything that you have not intentionally open via firewall settings page or port forwards.So with that said. Would you still recommend this to use? I really enjoyed using Adguard Home for the few days I had it active, but I want to be absolutely sure that it's safe and doesn't present any privacy/security concerns. Thanks.
What is the complete output ofSo with that said. Would you still recommend this to use? I really enjoyed using Adguard Home for the few days I had it active, but I want to be absolutely sure that it's safe and doesn't present any privacy/security concerns. Thanks.
iptables-save
, if you do not see a wan facing iptable rule showing port 53 open to inbound traffic (or an inbound port 53 traffic accept rule), then you are fine. That means anyone trying to access port 53 from wan side (or outside your network) will be dropped by the firewall with the rest of unsolicited inbound wan traffic. Just because a program or app listens on an interface does not mean that it is not blocked from wan side solicitation. There are multiple angles to understanding this stuff. You can't just run a netstat and assume you are in danger of unsolicited traffic breaking through. You need to check your firewall. Or even try to access it your self via your WanIp address from outside your network. If you are met by bad answers, then you are being dropped by your firewall while you try solicited traffic via wan side.Those ones you see open on WAN are normal for you to have functioning internet.Ok. So this does appear to be related to Adguard Home. With it installed, I reran the 'Diagnostics' command in RTMON and again port 53 appeared open under WAN0 IP for both TCP and UDP.
After uninstallation, I ran 'Diagnostics' once more which now shows WAN0 IP empty for TCP. Though for UDP it shows the following as open (for both WAN and Local)
I'm guessing these are ok?
@SomeWhereOverTheRainBow Just wanted to loop you in if you have any ideas why this might be happening.
Thanks for clarifying! I've run the command but there's a large output and am unsure the syntax I should be looking for. I can't fully parse the outputWhat is the complete output ofiptables-save
, if you do not see a wan facing iptable rule showing port 53 open to inbound traffic (or an inbound port 53 traffic accept rule), then you are fine. That means anyone trying to access port 53 from wan side (or outside your network) will be dropped by the firewall with the rest of unsolicited inbound wan traffic. Just because a program or app listens on an interface does not mean that it is not blocked from wan side solicitation. There are multiple angles to understanding this stuff. You can't just run a netstat and assume you are in danger of unsolicited traffic breaking through. You need to check your firewall. Or even try to access it your self via your WanIp address from outside your network. If you are met by bad answers, then you are being dropped by your firewall while you try solicited traffic via wan side.
I also want to challenge you, please review my shell scripts. I am curious to see if you can find any line of code that mentions I open your port 53 via the firewall. Look for any lines of code where i invoke your firewall to wan side.
![]()
GitHub - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer: The Official Installer of AdGuardHome for Asuswrt-Merlin
The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installergithub.com
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!